CVE-2018-15473 - SSH user enumeration

vk496 · August 23, 2018, 9:02am

Hello,

It seems to me that is not been reported here yet. There is a new vulnerability to OpenSSH (user enumeration) that also affects Dropbear. CVE-2018-15473

https://www.bleepingcomputer.com/news/security/vulnerability-affects-all-openssh-versions-released-in-the-past-two-decades/

If you have Docker, you can easily build the POC and test it by yourself with these 2 commands:

$ docker build github.com/Rhynorater/CVE-2018-15473-Exploit -t cve-2018-15473
$ docker run --network host --rm cve-2018-15473 --port 22 --username root openwrt.lan

Salu2

lantis1008 · August 23, 2018, 10:14am

Source?

EDIT:
Nevermind i think i found it. Different CVE number
https://security-tracker.debian.org/tracker/CVE-2018-15599

JW0914 · August 23, 2018, 2:52pm

For the vast majority of OpenWrt users, this isn't a security risk, as OpenWrt is a single user OS, meaning root is the only account majority of users utilize for SSH.

While additional users can be configured for SSH, there's only a handful of usage cases since OpenWrt is a single user OS.

tmomas · August 24, 2018, 9:52pm

Fixed in master: https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=2211ee0037764e1c6b1576fe7a0975722cd4acdc

Fixed in 18.06: https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=8bb9d053eb17c98659f5fb04d7a7c3bafdf42e9c

Fixed in 17.01: https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=bb7c4cff2086fffddf5cb20e40cfe4979ba1a7e6